-Blackhat QuotePatching all vulnerabilities for a modern, complex software system (i.e., Windows, iOS) is often difficult due to the volume of bugs and response time requirements. Instead, software vendors usually devise quick workarounds to mitigate the exploitation of a given vulnerability. However, those patches are sometimes incomplete, and attackers can utilize different attack vectors to re-exploit a patched vulnerability.
you still have some "tools" but most UAC bypassing are via user interaction in a way or another.While we're on topic of UAC.
3 or 4 years ago there was a zero day that compromised UAC.
It exploited the windows kernel and allowed elevation of privilege by way of impersonation(programming tactic to impersonate the caller application at the service so that the service can access system resources on behalf of the caller).
Microsoft patched the vulnerability, but don't think it can't be attacked from a different vector, or from history we have found that patching isn't always fool proof. Usually patching is rather lazy and there is always room for re-opening what they have done.
Just sayin, if malware wanted to get through. It would .